call tomorrow!

2016-01-06 Thread J Lovejoy 
Hi All,

You should have received a recurring invite for SPDX Legal calls in 2016 
beginning tomorrow.  If you did not, let me know off-list.

Call in 2016 will be at the same bat-time and same bat-channel: 
http://wiki.spdx.org/view/Legal_Team 

Agenda for tomorrow’s call:

1) A discussion came up on the tech team regarding how to identify when there 
truly is no license and a package is just “all rights reserved” - please read 
the thread here: https://bugs.linuxfoundation.org/show_bug.cgi?id=1289 
 including my response 
at the bottom.  I hope to have some members of the tech team on the call for 
this discussion as well.

2) Please review the 2016 priorities list, which is now posted here: 
http://wiki.spdx.org/view/Legal_Team/Current_Projects_and_Issues-2016 

I’ll be looking for people to take the lead on some of these items.
Regarding the markup project - as we have earmarked this as a main priority for 
2016 and this discussion has been resurrected on the tech call recently, please 
re-familiarize yourself with this topic before our call tomorrow. 

Thanks,
Jilayne


SPDX Legal Team co-lead
opensou...@jilayne.com


___
Spdx-legal mailing list
Spdx-legal@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-legal

Re: New OSI-approved licenses

2016-01-06 Thread J Lovejoy 
Hi Rob, 

I did not add any explanatory text as per your request.  Like you said, we can 
cross that bridge if/when we get questions.

By way of background or reminder for those who don’t know all the history:  
The point of the SPDX License List is to provide a reliable way to identify 
common open source licenses.  The short identifiers are key here - whether used 
in an SPDX document, or used in a host of other places where being able to 
refer to a license in a concise and reliable way is helpful. When the OSI 
declared their support for SPDX some years ago and began to include the SPDX 
short identifiers in brackets after the license names and then changed the URLs 
to use the short identifiers, this was great alignment in terms of spreading 
the word and encouraging consistency. There was actually a fair amount of work 
involved; making sure SPDX had all OSI-approved licenses on the SPDX License 
List meant taking a very thorough look at the list, license text, etc.  I am 
forever grateful for the awesome collaborative effort we enjoyed to this end, 
thanks specifically to (former) OSI board members, Karl Fogel, John Cowan, and 
Luis Villa.

At that time, the OSI had not approved a new license in some time, so it was 
easy to get up-to-date.  What we failed to establish, although it has been 
talked about on a couple occasions, was a process for making sure that when OSI 
approves a new license, SPDX gets a heads-up so we can also add it to the SPDX 
License List, including the important task of determining the short identifier, 
which the OSI can then include and use as they do/have.  We will certainly be 
looking to improve that communication going forward.

Of course, even that may not have helped in this rather odd (I hope) situation 
of someone submitting a license to the OSI who was not the author of the 
license, under a different name, and after it had already been submitted/added 
to the SPDX License List by the license’s author. As stated previously, the 
best outcome here, was if the person who submitted the license to OSI to 
understand the importance of a consistent way to identify the same license and 
concede to changing the OSI submission to the name you had already been using, 
as the author of the license. 

I can understand your frustration and having the same license under two 
different names (anywhere for that matter!) is not optimal.  

In any case, I think an important thing to note here and which seems to have 
gotten lost in the thread is the reason you stated as to why you submitted it 
to SPDX: 
"Either Samsung or Sony (I forget which) asks me to submit the the 
toybox
license to SPDX to simplify their internal paperwork:
http://lists.spdx.org/pipermail/spdx-legal/2015-June/001443.html";

People and companies are using the SPDX License List.  We never can really 
quantify who and how, but that a big company asked you to submit your license 
to be on the SPDX License List is a great indicator of the usefulness of the 
SPDX License List.  :)

In any case, thanks for all your input and time.


Thanks,
Jilayne

SPDX Legal Team co-lead
opensou...@jilayne.com


> On Dec 17, 2015, at 5:12 PM, Rob Landley  wrote:
> 
> On 12/17/2015 02:46 PM, J Lovejoy wrote:
>>> On Dec 17, 2015, at 1:25 PM, Rob Landley  wrote:
>>> 
>>> On 12/17/2015 12:38 PM, J Lovejoy wrote:
 That sounds like a reasonable result, all things considered.
>>> 
>>> I don't care what OSI does.
>>> 
 I’ll add a note to the Notes field of Zero Clause BSD License
 to the same effect on the upcoming release of the SPDX License List.
>>> 
>>> Please don't. Pretty please?
>>> 
>>> 
>> Hi Rob,
>> 
>> What I had in mind was: where it says “Note” on this page
>> http://spdx.org/licenses/0BSD.html, to add something along
>> the lines of capturing the following facts:
> 
> It's not the wording. It's acknowledging their mistake's existence.
> 
>> "There is a license that the OSI approved after this license was added
>> to the SPDX License List and which is identical to this license, but
>> referred to there as "Free Public License 1.0.0”. Apart from the name,
>> the only difference is that the Free Public License is used without a
>> copyright notice, whereas the Zero Clause BSD License has generally
>> been used with a copyright notice.  This difference, as per the SPDX
>> License List Matching Guidelines, is inconsequential for matching
> purposes."
>> 
>> By adding some info, we avoid someone later asking why there are there
>> are different names for essentially the same license on SPDX and OSI.
> 
> And by adding that info, I get those questions, so I need to update my
> license.html page to preemptively explain about OSI. I was hoping not to
> open that can of worms.
> 
> Could you maybe wait for somebody to ask about it first? I honestly
> don't believe anyone reads OSI's licensing page anymore. I do expect
> them to read SPDX's.
> 
>> Please feel free to edit, if you have better wording

copyright notice, and what else?

2016-01-06 Thread J Lovejoy 
Hi All,

Sam and I were discussing what to include (in the context of an SPDX document 
or generally for compliance with OSS used in a product) in terms of copyright 
notices and other “related” text one may find with a copyright notice.  For 
example, if you came across the following, would you provide the second line?

# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
# Written by Gary V. Vaughan, 2004\n",

In terms of the SPDX specification, the relevant parts of two sections on 
copyright notice (package and file sections) state:

Identify the copyright holders of the package, as well as any dates 
present. This will be a free form text field extracted from 
package information files. The options to populate  this field are 
limited to:
(i) any text related to a copyright notice, even if not 
complete; 


If we take that literally, I’d say only the actual copyright holders is 
required (the first line), but one could interpret “any text related to a 
copyright notice” to include the second line.

If we are talking about license compliance, then we'd defer to the license. 
Although even then, we may be take either a thorough or minimal stance.  What I 
mean is that if the license requires reproducing the copyright notice, then we 
end up with the same question as above; the second line arguably isn’t part of 
the copyright notice (strict interpretation), but one may still decide to 
include it.  In any case, I don’t think including or not including the second 
line would hurt or help either way. 
 
If the license does not require the copyright notice explicitly for a binary 
redistribution (not all do), it still may not change the question.  I’d argue 
that good practice would be to collect and provide the copyright notice anyway, 
in which case, we are back to whether or not to also include the second line.  

I’d be curious to hear:
1) what other people think and do in practice
2) consider whether we want to clarify the wording in the specification in any 
way to be explicitly strict as to what should be included in that field or 
intentionally leave it to be interpreted with some discretion (for examples 
such as this).


Cheers,
Jilayne



___
Spdx-legal mailing list
Spdx-legal@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-legal

Jilayne Lovejoy invited you to “SPDX Legal call”.

2016-01-06 Thread Jilayne Lovejoy via Spdx-legal 
Jilayne Lovejoy invited you to “SPDX Legal call”.

when: Thursday, January 7, 2016, 11:00 AM MST - 12:00 PM MST
Repeating event. View details – 
https://www.icloud.com/calendar/eventreply/?t=2_GE3TQNZUGQYDCMBRG44DONBUGBZ7GUNEPOQB65SZ33EN5GW6EF2IO6LCQ3HZEO6TUJFQOJOCMJVXO&p=p07&cc=US

invitees: You

note: Join the call: https://www.uberconference.com/spdxteam
Optional dial in number: 857-216-2871
PIN: 38633

reply: 
Accept – 
https://www.icloud.com/calendar/eventreply/?t=2_GE3TQNZUGQYDCMBRG44DONBUGBZ7GUNEPOQB65SZ33EN5GW6EF2IO6LCQ3HZEO6TUJFQOJOCMJVXO&p=p07&cc=US#reply=accept
Decline – 
https://www.icloud.com/calendar/eventreply/?t=2_GE3TQNZUGQYDCMBRG44DONBUGBZ7GUNEPOQB65SZ33EN5GW6EF2IO6LCQ3HZEO6TUJFQOJOCMJVXO&p=p07&cc=US#reply=decline
Maybe – 
https://www.icloud.com/calendar/eventreply/?t=2_GE3TQNZUGQYDCMBRG44DONBUGBZ7GUNEPOQB65SZ33EN5GW6EF2IO6LCQ3HZEO6TUJFQOJOCMJVXO&p=p07&cc=US#reply=tentative



---
iCloud is a service provided by Apple.
Apple ID:  https://appleid.apple.com/choose-your-country/
Support:  https://www.apple.com/support/icloud/ww
Terms and Conditions:  https://www.apple.com/legal/internet-services/icloud/ww/
Privacy Policy:  https://www.apple.com/legal/internet-services/privacy/
Copyright 2016 Apple Inc. 1 Infinite Loop, Cupertino, CA 95014, United States.
All rights reserved.
BEGIN:VCALENDAR
VERSION:2.0
CALSCALE:GREGORIAN
PRODID:-//CALENDARSERVER.ORG//NONSGML Version 1//EN
METHOD:REQUEST
BEGIN:VTIMEZONE
TZID:America/Denver
X-LIC-LOCATION:America/Denver
BEGIN:STANDARD
DTSTART:18831118T120004
RDATE;VALUE=DATE-TIME:18831118T120004
TZNAME:MST
TZOFFSETFROM:-0659
TZOFFSETTO:-0700
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:19180331T02
RRULE:FREQ=YEARLY;UNTIL=19190330T09Z;BYDAY=-1SU;BYMONTH=3
TZNAME:MDT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
END:DAYLIGHT
BEGIN:STANDARD
DTSTART:19181027T02
RRULE:FREQ=YEARLY;UNTIL=19191026T08Z;BYDAY=-1SU;BYMONTH=10
TZNAME:MST
TZOFFSETFROM:-0600
TZOFFSETTO:-0700
END:STANDARD
BEGIN:STANDARD
DTSTART:19200101T00
RDATE;VALUE=DATE-TIME:19200101T00
RDATE;VALUE=DATE-TIME:19420101T00
RDATE;VALUE=DATE-TIME:19460101T00
RDATE;VALUE=DATE-TIME:19670101T00
TZNAME:MST
TZOFFSETFROM:-0700
TZOFFSETTO:-0700
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:19200328T02
RRULE:FREQ=YEARLY;UNTIL=19210327T09Z;BYDAY=-1SU;BYMONTH=3
TZNAME:MDT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
END:DAYLIGHT
BEGIN:STANDARD
DTSTART:19201031T02
RDATE;VALUE=DATE-TIME:19201031T02
RDATE;VALUE=DATE-TIME:19210522T02
RDATE;VALUE=DATE-TIME:19450930T02
TZNAME:MST
TZOFFSETFROM:-0600
TZOFFSETTO:-0700
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:19420209T02
RDATE;VALUE=DATE-TIME:19420209T02
TZNAME:MWT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:19450814T17
RDATE;VALUE=DATE-TIME:19450814T17
TZNAME:MPT
TZOFFSETFROM:-0600
TZOFFSETTO:-0600
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:19650425T02
RRULE:FREQ=YEARLY;UNTIL=19660424T09Z;BYDAY=-1SU;BYMONTH=4
TZNAME:MDT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
END:DAYLIGHT
BEGIN:STANDARD
DTSTART:19651031T02
RRULE:FREQ=YEARLY;UNTIL=19661030T08Z;BYDAY=-1SU;BYMONTH=10
TZNAME:MST
TZOFFSETFROM:-0600
TZOFFSETTO:-0700
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:19670430T02
RRULE:FREQ=YEARLY;UNTIL=19730429T09Z;BYDAY=-1SU;BYMONTH=4
TZNAME:MDT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
END:DAYLIGHT
BEGIN:STANDARD
DTSTART:19671029T02
RRULE:FREQ=YEARLY;UNTIL=20061029T08Z;BYDAY=-1SU;BYMONTH=10
TZNAME:MST
TZOFFSETFROM:-0600
TZOFFSETTO:-0700
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:19740106T02
RDATE;VALUE=DATE-TIME:19740106T02
RDATE;VALUE=DATE-TIME:19750223T02
TZNAME:MDT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:19760425T02
RRULE:FREQ=YEARLY;UNTIL=19860427T09Z;BYDAY=-1SU;BYMONTH=4
TZNAME:MDT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:19870405T02
RRULE:FREQ=YEARLY;UNTIL=20060402T09Z;BYDAY=1SU;BYMONTH=4
TZNAME:MDT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T02
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:MDT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
END:DAYLIGHT
BEGIN:STANDARD
DTSTART:20071104T02
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:MST
TZOFFSETFROM:-0600
TZOFFSETTO:-0700
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
ATTENDEE;CUTYPE=INDIVIDUAL;EMAIL=j...@jilayne.com;PARTSTAT=ACCEPTED;
 ROLE=CHAIR;CN=Jilayne Lovejoy:mailto:lovejoyl...@gmail.com
ATTENDEE;CN=SPDX-legal;CUTYPE=INDIVIDUAL;EMAIL=spdx-legal@lists.spdx.org;
 PARTSTAT=NEEDS-ACTION;RSVP=TRUE:mailto:spdx-legal@lists.spdx.org
DTEND;TZID=America/Denver:20160107T12
TRANSP:OPAQUE
UID:FC1A0588-FFD1-4BA6-99D1-81D1A0018C34
DESCRIPTION:Join the call: https:
 //www.uberconference.com/spdxteam\nOptional dial in number: 
 857-216-2871\nPIN: 38633
SEQUENCE:0
SUMMARY:SPDX Legal call
DTSTART;TZID=America/Denver:20160107T11
CREATED:20160106T180341Z
RRULE:FREQ=WEEKLY;INTERVAL=2;BYDAY=TH;WKST=SU
DTSTAMP:20160106T180525Z
ORGANIZER;CN=Jilayne Lovejoy;EMAIL=lovejoy

SPDX License List v2.3 released

2016-01-06 Thread J Lovejoy 
And available in the usual places:
- “human-friendly” web pages: http://spdx.org/licenses/ 

- master files available here: 
http://git.spdx.org/?p=license-list.git;a=summary 
 (use 2.3 tag)
- info on different ways to access the SPDX License List available here: 
http://wiki.spdx.org/images/SPDX-TR-2014-2.v1.0.pdf 


Changes for v2.3:
- 3 new licenses; 1 new exception
- matching markup added to many standard headers (still more work to be done 
here)
- various minor formatting improvements/fixes

Jilayne Lovejoy
SPDX Legal Team co-lead
opensou...@jilayne.com


___
Spdx-legal mailing list
Spdx-legal@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-legal